Issue M2M access token (client_credentials)
OAuth 2.0 `client_credentials` grant. Accepts both `application/x-www-form-urlencoded` and `application/json` bodies. Returns a short-lived `Bearer` access token. M2M clients are provisioned in the admin panel (`POST /api/admin/m2m-clients`).
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
curl -X POST "https://example.com/api/oauth/token" \ -H "Content-Type: application/json" \ -d '{ "grant_type": "client_credentials", "client_id": "string", "client_secret": "string" }'{
"access_token": "string",
"token_type": "Bearer",
"expires_in": 0
}{
"error": "Session not found"
}{
"error": "Session not found"
}Phase-level cycle time, cost, and rework aggregations
Returns aggregated phase metrics (avg cycle time, cost, rework rate) across all workflow states in the workspace for the requested time range. Auth: `rsk_` API key or session cookie.
Mint a new rsk_ API key
Creates a new `rsk_live_*` token. The full token is returned **once** and is never stored in plaintext. - `projects: "all"` requires `org_keys:write` scope or org admin/owner role. - `projects: [...]` requires project membership for all listed project IDs. Canonical endpoint (supersedes deprecated `POST /api/org/api-keys`).